{ config, lib, ... }:

let
  inherit (lib) mkDefault;

in
{
  config = {
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };

    networking = {
      hostName = config.procolixVm.name;
      domain = config.procolixVm.domain;

      ## REVIEW: Do we actually need that, considering that we have static IPs?
      useDHCP = mkDefault true;

      interfaces = {
        eth0 = {
          ipv4 = {
            addresses = [
              {
                inherit (config.procolixVm.ipv4) address prefixLength;
              }
            ];
          };
          ipv6 = {
            addresses = [
              {
                inherit (config.procolixVm.ipv6) address prefixLength;
              }
            ];
          };
        };
      };

      defaultGateway = {
        address = config.procolixVm.ipv4.gateway;
        interface = "eth0";
      };
      defaultGateway6 = {
        address = config.procolixVm.ipv6.gateway;
        interface = "eth0";
      };

      nameservers = [
        "95.215.185.6"
        "95.215.185.7"
        "2a00:51c0::5fd7:b906"
        "2a00:51c0::5fd7:b907"
      ];

      firewall.enable = false;
      nftables = {
        enable = true;
        rulesetFile = ./nftables-ruleset.nft;
      };
    };
  };
}